General
Target: 83b3bbff75e56d0f909b8cf46fed4890.exe
Size: 564KB
Sample: 231206-zrd28sad6s
MD5: 83b3bbff75e56d0f909b8cf46fed4890
SHA1: 31228d8d619decb64105e65ffae576f0ccddeb9c
SHA256: a1735e573eaa6b88ae074d9e59d3b1bbf856eda4737056f8d2b98a948061fd9c
SHA512: e841878f2f07ce9652f878b6a58f0037d251629c6f4b692445303660e103a8e03856b2a1249ad726ba9b2940edbe8e04a84949ea78dede6b6f45adf60d09fe16
SSDEEP: 12288:tehnaNPpSVZmNxRCwnwm3W3OHIIf5m9RhWFVU:teh0PpS6NxNnwYeOHXAhWTU
Static task: static1
Behavioral task: behavioral1
Sample: 83b3bbff75e56d0f909b8cf46fed4890.dll
Resource: win7-20231020-en
Malware Config
Extracted family: sality
Extracted URLs:
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
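The URL list above is what a defender most often takes from a Sality report. As an added example (not part of the sandbox report or its tooling), the script below turns those URLs into host and full-URL indicators and scans log lines for them: exact match for the IP, exact or parent-domain match for the hostnames, so a lookalike such as kukutrustnet777.info.internal.corp does not fire. The proxy and DNS log lines are constructed for illustration; the function and variable names are this example's own.

```python
"""Added example, not part of the sandbox report: derive network indicators
from the Sality URLs extracted above and scan log lines for them."""
import ipaddress
import re
from urllib.parse import urlparse

# The URLs exactly as extracted from the sample's Sality config (from the report).
SALITY_URLS = [
    "http://89.119.67.154/testo5/",
    "http://kukutrustnet777.info/home.gif",
    "http://kukutrustnet888.info/home.gif",
    "http://kukutrustnet987.info/home.gif",
    "http://www.klkjwre9fqwieluoi.info/",
    "http://kukutrustnet777888.info/",
]


def extract_indicators(urls):
    """Split URLs into host indicators (domains/IPs) and full-URL indicators.
    A 'www.' host is also recorded without the prefix so a DNS query for the
    bare domain is caught."""
    hosts, full_urls = set(), set()
    for url in urls:
        host = urlparse(url).hostname.lower()
        hosts.add(host)
        if host.startswith("www."):
            hosts.add(host[4:])
        full_urls.add(url.lower())
    return hosts, full_urls


HOST_IOCS, URL_IOCS = extract_indicators(SALITY_URLS)

# Hostname-or-IPv4 tokens and http(s) URLs as they appear in proxy/DNS logs.
_HOST_RE = re.compile(r"(?i)\b((?:[a-z0-9-]+\.)+[a-z]{2,}|(?:\d{1,3}\.){3}\d{1,3})\b")
_URL_RE = re.compile(r"(?i)\bhttps?://[^\s\"']+")


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def host_hit(host):
    """Exact match for IPs; exact or parent-domain match for hostnames, so
    cdn.kukutrustnet888.info hits but kukutrustnet777.info.internal.corp
    (a different domain that merely contains the IOC) does not."""
    host = host.lower()
    if host in HOST_IOCS:
        return True
    if _is_ip(host):
        return False
    return any(host.endswith("." + ioc) for ioc in HOST_IOCS)


def scan_line(line):
    """Return the sorted indicators found in one log line ([] if clean)."""
    hits = set()
    for m in _URL_RE.finditer(line):
        url = m.group(0).lower()
        if url in URL_IOCS:
            hits.add(url)
    for m in _HOST_RE.finditer(line):
        host = m.group(1).lower()
        if host_hit(host):
            hits.add(host)
    return sorted(hits)


def scan_lines(lines):
    """Return [(line_number, indicators)] for every line with at least one hit."""
    results = []
    for number, line in enumerate(lines, 1):
        hits = scan_line(line)
        if hits:
            results.append((number, hits))
    return results


# Constructed sample lines (Squid-style proxy access log and dnsmasq-style DNS log).
SAMPLE_LOG = [
    "1701900001.123 10.0.0.15 TCP_MISS/200 GET http://kukutrustnet777.info/home.gif",
    "1701900002.456 10.0.0.15 TCP_MISS/200 GET http://www.example.com/index.html",
    "Dec  6 14:20:03 dnsmasq[412]: query[A] klkjwre9fqwieluoi.info from 10.0.0.15",
    "1701900004.789 10.0.0.22 TCP_MISS/404 GET http://89.119.67.154/testo5/",
    "Dec  6 14:20:05 dnsmasq[412]: query[A] kukutrustnet777.info.internal.corp from 10.0.0.9",
    "Dec  6 14:20:06 dnsmasq[412]: query[A] cdn.kukutrustnet888.info from 10.0.0.31",
]

if __name__ == "__main__":
    for number, hits in scan_lines(SAMPLE_LOG):
        print(f"line {number}: {', '.join(hits)}")
```

Matching on the host is deliberate: the sample's paths (/testo5/, /home.gif) are cheap for an operator to change, and a DNS log never carries them, while the domains and the IP are what the config actually pins.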
Targets
Target: 83b3bbff75e56d0f909b8cf46fed4890.exe
Size: 564KB
MD5: 83b3bbff75e56d0f909b8cf46fed4890
SHA1: 31228d8d619decb64105e65ffae576f0ccddeb9c
SHA256: a1735e573eaa6b88ae074d9e59d3b1bbf856eda4737056f8d2b98a948061fd9c
SHA512: e841878f2f07ce9652f878b6a58f0037d251629c6f4b692445303660e103a8e03856b2a1249ad726ba9b2940edbe8e04a84949ea78dede6b6f45adf60d09fe16
SSDEEP: 12288:tehnaNPpSVZmNxRCwnwm3W3OHIIf5m9RhWFVU:teh0PpS6NxNnwYeOHXAhWTU
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13); the number after each technique is the count of matching signatures
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Winlogon Helper DLL (T1547.004): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 1
  - Winlogon Helper DLL (T1547.004): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1
- Abuse Elevation Control Mechanism (T1548): 1
  - Bypass User Account Control (T1548.002): 1
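The "Modifies WinLogon for persistence" signature and the Winlogon Helper DLL technique in the matrix both point at the Shell, Userinit and Notify values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. As an added example, not part of the sandbox report or its tooling, the script below triages those values: anything in Shell other than explorer.exe, anything in Userinit other than the stock System32 userinit.exe, and any Notify package at all is returned for review. check_winlogon() takes a plain dict so it runs anywhere and can be pointed at a hive parsed offline; read_winlogon() fills that dict from the live registry on a Windows host. The two host dicts are constructed for illustration, and the expected-default sets and all names are this example's own assumptions.

```python
"""Added example, not part of the sandbox report: triage the Winlogon values
behind the 'Modifies WinLogon for persistence' signature / Winlogon Helper DLL
technique.  check_winlogon() works on a plain dict so it runs anywhere;
read_winlogon() fills that dict from the registry on a Windows host."""
import ntpath

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Assumed stock values: Shell is explorer.exe, Userinit is <SystemRoot>\system32\userinit.exe
EXPECTED_SHELL = {"explorer.exe"}
EXPECTED_USERINIT = {"userinit.exe"}


def _entries(value):
    """Shell and Userinit are comma-separated lists, usually with a trailing comma."""
    return [v.strip() for v in value.split(",") if v.strip()]


def check_winlogon(values):
    """values = {'Shell': str, 'Userinit': str, 'Notify': {subkey: DllName}}.
    Returns a list of (location, entry) findings; [] means nothing to review."""
    findings = []
    for entry in _entries(values.get("Shell", "")):
        if ntpath.basename(entry).lower() not in EXPECTED_SHELL:
            findings.append(("Shell", entry))
    for entry in _entries(values.get("Userinit", "")):
        base = ntpath.basename(entry).lower()
        folder = ntpath.dirname(entry).lower()
        if base not in EXPECTED_USERINIT or not folder.endswith("\\system32"):
            findings.append(("Userinit", entry))
    # Notify packages are the classic Winlogon helper DLL location; any entry is worth a look.
    for subkey, dll in values.get("Notify", {}).items():
        findings.append(("Notify\\" + subkey, dll))
    return findings


def read_winlogon():
    """Windows only: read Shell, Userinit and Notify\\<subkey>\\DllName from HKLM."""
    import winreg  # standard library, but only present on Windows
    values = {"Notify": {}}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        for name in ("Shell", "Userinit"):
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except OSError:
                pass  # value absent
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY + r"\Notify") as notify:
            index = 0
            while True:
                try:
                    subkey = winreg.EnumKey(notify, index)
                except OSError:
                    break  # no more subkeys
                index += 1
                with winreg.OpenKey(notify, subkey) as sub:
                    try:
                        values["Notify"][subkey] = winreg.QueryValueEx(sub, "DllName")[0]
                    except OSError:
                        values["Notify"][subkey] = None
    except OSError:
        pass  # no Notify key on this host
    return values


# Constructed samples: a stock Windows 7 host and one with tampered values.
CLEAN_HOST = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
    "Notify": {},
}
TAMPERED_HOST = {
    "Shell": r"explorer.exe,C:\Users\Public\svc.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,C:\Windows\system32\drivers\wl.exe",
    "Notify": {"wlsvc": r"C:\Windows\system32\wlsvc.dll"},
}

if __name__ == "__main__":
    for location, entry in check_winlogon(TAMPERED_HOST):
        print(f"review {location}: {entry}")
```

A registry check alone is not enough for this sample: the report also records it dropping files into System32, and a file infector can leave the Winlogon values stock while replacing or patching the binaries they reference, so pair this with a hash or signature check of the executables each entry points at.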